Changeset 805


Ignore:
Timestamp:
Aug 18, 2008, 2:01:46 PM (16 years ago)
Author:
quentin
Message:
Load balance port 444 in addition to port 443, and do a negotiate check on SSL so we verify the server is up
Location:
lvs/debian/config/etc
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • lvs/debian/config/etc/ha.d/ldirectord.cf

    r766 r805  
    77virtual=18.181.0.46:80
    88        real=18.181.0.53:80 gate 1024
    9         real=18.181.0.57:80 gate 1024
     9        #real=18.181.0.57:80 gate 1024
    1010        real=18.181.0.167:80 gate 1024
    1111        fallback=18.187.1.128:80 gate
     
    1919virtual=18.181.0.46:443
    2020        real=18.181.0.53:443 gate 1024
    21         real=18.181.0.57:443 gate 1024
     21        #real=18.181.0.57:443 gate 1024
    2222        real=18.181.0.167:443 gate 1024
    2323        fallback=18.187.1.128:443 gate
    2424        service=https
    2525        request="heartbeat/https"
     26        virtualhost="scripts.mit.edu"
    2627        receive="1"
    2728        scheduler=sh
    2829        protocol=tcp
    29         checktype=connect
     30        checktype=negotiate
     31
     32virtual=18.181.0.46:444
     33        real=18.181.0.53:444 gate 1024
     34        #real=18.181.0.57:444 gate 1024
     35        real=18.181.0.167:444 gate 1024
     36        fallback=18.187.1.128:444 gate
     37        service=https
     38        request="heartbeat/https"
     39        virtualhost="scripts.mit.edu"
     40        receive="1"
     41        scheduler=sh
     42        protocol=tcp
     43        checktype=negotiate
    3044
    3145virtual=18.181.0.50:80
    3246        real=18.181.0.53:80 gate 1024
    33         real=18.181.0.57:80 gate 1024
     47        #real=18.181.0.57:80 gate 1024
    3448        real=18.181.0.167:80 gate 1024
    3549        fallback=18.187.1.128:80 gate
     
    4357virtual=18.181.0.50:443
    4458        real=18.181.0.53:443 gate 1024
    45         real=18.181.0.57:443 gate 1024
     59        #real=18.181.0.57:443 gate 1024
    4660        real=18.181.0.167:443 gate 1024
    4761        fallback=18.187.1.128:443 gate
     
    5367        checktype=connect
    5468
     69virtual=18.181.0.50:444
     70        real=18.181.0.53:444 gate 1024
     71        #real=18.181.0.57:444 gate 1024
     72        real=18.181.0.167:444 gate 1024
     73        fallback=18.187.1.128:444 gate
     74        service=https
     75        request="heartbeat/https"
     76        receive="1"
     77        scheduler=sh
     78        protocol=tcp
     79        checktype=negotiate
     80
    5581virtual=18.181.0.49:80
    5682        real=18.181.0.53:80 gate 1024
    57         real=18.181.0.57:80 gate 1024
    58         #real=18.181.0.167:443 gate 1024
     83        #real=18.181.0.57:80 gate 1024
     84        real=18.181.0.167:443 gate 1024
    5985        fallback=18.187.1.128:80 gate
    6086        service=http
     
    6793virtual=18.181.0.49:443
    6894        real=18.181.0.53:443 gate 1024
    69         real=18.181.0.57:443 gate 1024
    70         #real=18.181.0.167:443 gate 1024
     95        #real=18.181.0.57:443 gate 1024
     96        real=18.181.0.167:443 gate 1024
    7197        fallback=18.187.1.128:443 gate
    7298        service=https
     
    79105virtual=1
    80106        real=18.181.0.53 gate "heartbeat/services", "1"
    81         real=18.181.0.57 gate "heartbeat/services", "2"
     107        #real=18.181.0.57 gate "heartbeat/services", "2"
    82108        real=18.181.0.167 gate "heartbeat/services", "3"
    83109        service=http
  • lvs/debian/config/etc/network/if-up.d/iptables

    r584 r805  
    66
    77# scripts.mit.edu
    8 iptables -A PREROUTING -t mangle -m tcp -m multiport -p tcp -d 18.181.0.46/31 --dports 80,443 -j MARK --set-mark 2
     8iptables -A PREROUTING -t mangle -m tcp -m multiport -p tcp -d 18.181.0.46/31 --dports 80,443,444 -j MARK --set-mark 2
    99iptables -A PREROUTING -t mangle -m mark --mark 0 -d 18.181.0.46/31 -j MARK --set-mark 1
    1010
    1111# scripts-cert.mit.edu
    12 iptables -A PREROUTING -t mangle -m tcp -m multiport -p tcp -d 18.181.0.50/31 --dports 80,443 -j MARK --set-mark 2
     12iptables -A PREROUTING -t mangle -m tcp -m multiport -p tcp -d 18.181.0.50/31 --dports 80,443,444 -j MARK --set-mark 2
    1313iptables -A PREROUTING -t mangle -m mark --mark 0 -d 18.181.0.50/31 -j MARK --set-mark 1
    1414
Note: See TracChangeset for help on using the changeset viewer.